FY23 Microsoft Supply Chain Integrity Statement PDF
Document Details
Uploaded by GlisteningWichita
2023
Penny Pritzker
Tags
Summary
This document is Microsoft's FY23 Supply Chain Integrity Statement. It outlines actions taken to prevent modern slavery and human trafficking in its operations and supply chains, referencing various laws and commitments. The statement highlights the company's global approach to identifying and addressing human rights, modern slavery, health and safety and environmental risks.
Full Transcript
A FY23 Microsoft Supply Chain Integrity Statement Board of Directors approval This Statement describes the actions taken by Microsoft Corporation and its subsidiaries covered by reporting requirements (the Reporting Entities listed in Annex 1) during Fiscal Year 2023 (FY23) to prevent...
A FY23 Microsoft Supply Chain Integrity Statement Board of Directors approval This Statement describes the actions taken by Microsoft Corporation and its subsidiaries covered by reporting requirements (the Reporting Entities listed in Annex 1) during Fiscal Year 2023 (FY23) to prevent modern slavery and human trafficking in our operations and our supply chains pursuant to the United Kingdom (UK) Modern Slavery Act, Australian Modern Slavery Act1, and the Canadian Forced Labor Reporting Law (S-211)2, and our due diligence and related risk prevention and remediation measures pursuant to the Norwegian Transparency Act (collectively the Relevant Supply Chain Reporting Laws). Microsoft Corporation and the Reporting Entities are hereinafter collectively referred to as Microsoft. While Microsoft has previously issued separate statements under these laws, this report compiles information to address each law’s substantive requirements. A mapping of the different sections of the report to each law’s reporting requirements is identified in Annex 2. The statement outlines the efforts we took in FY23 to advance the principles of the Universal Declaration of Human Rights (the Declaration) and to respect human rights in Microsoft’s operations, supply chain, products, and services. It is reflective of our global, risk-based approach to identify and address human rights, including modern slavery, health and safety, and environmental risks in our operations and value chains. Throughout this statement, we reference “modern slavery” which includes forced, debt bonded, indentured, child, slave or involuntary labor (including prison labor) and human trafficking. Microsoft continues to develop, implement, and enforce measures that allow workers in our global supply chains and our employees to exercise their human rights. Senior management of the supply chains teams contributing to goods and services sold by the Reporting Entities, have contributed to and reviewed the content of this Statement. This statement is signed by Penny Pritzker in her role as Director of Microsoft and member of the Microsoft Board of Directors; Chair, Environmental, Social, and Public Policy Committee. The Microsoft Board of Directors approved this Statement for the Reporting Entities at its November 29, 2023, meeting as the parent entity. 1 For the purposes of the Australian Modern Slavery Act 2018 (Cth), the Australian Reporting Entities conduct business for Microsoft in Australia as subsidiaries. Microsoft Pty Ltd is a proprietary company limited by shares and its principal operations are to market, distribute and sell Microsoft’s goods and services in Australia. Microsoft Australia Holdings Pty Ltd and Microsoft Datacenter (Australia) Pty Ltd are also proprietary companies limited by shares and together operate Microsoft’s Australian data center servers. LinkedIn Singapore Pte Ltd is a private company limited by shares and is a registered foreign company in Australia (as of 22 October 2016) which supports the operation delivery of Microsoft’s social and professional network platform, LinkedIn, in the Asia-Pacific region. Of all Australian Reporting Entities, only Microsoft Australia Holdings Pty Ltd owns and controls other entities, including Microsoft Datacenter (Australia) Pty Ltd. 2 The Canadian Fighting Against Forced Labor and Child Labor in Supply Chains Act goes into effect on Jan 01, 2024. To the extent that any additional disclosures are required by the Canadian regulators, they will be made in a future report. 1 Table of Contents Board of Directors approval.................................................................................................................... 1 Introduction................................................................................................................................................ 3 Microsoft’s Approach: Structure, Business and Supply Chains......................................................... 3 Risk Management Oversight and Management Responsibility........................................................ 5 Fundamental Rights Policies.................................................................................................................... 6 Stakeholder Consultation....................................................................................................................... 10 Embedding Fundamental Rights Strategy and Risk Assessments.................................................. 10 Risk Mitigation Measures....................................................................................................................... 11 Remediation Processes........................................................................................................................... 15 Effectiveness Measures........................................................................................................................... 17 Grievance Mechanisms........................................................................................................................... 17 Internal and External Training............................................................................................................... 19 Microsoft External Engagements.......................................................................................................... 20 The Path Forward & Ongoing Commitments..................................................................................... 22 Annex 1: Our Reporting Entities............................................................................................................ 23 Annex 2: Mapping of sections to laws................................................................................................. 24 2 Introduction In the aftermath of World War II, on December 10, 1948, the United Nations General Assembly adopted the Universal Declaration of Human Rights (the Declaration). As the foundation of international human rights law, including the laws that are the subject of this statement, the Declaration outlines the basic rights and fundamental freedoms of all human beings. The Declaration and other core human rights laws, principles, and norms attest that decent working conditions and access to a clean, healthy, and sustainable environment are basic human rights. Decent work is essential for inclusive and sustainable livelihoods and is foundational to a life of dignity. Microsoft is committed to advancing those rights through our business practices and philanthropic work, and this is discussed more broadly in our Human Rights Report, available on the Microsoft Human Rights website. This report provides an overview of the work we do in our operations and supply chains to respect human rights and align our due diligence practices with those set out in leading standards, including the UN Guiding Principles on Business and Human Rights (the UNGPs) and the OECD Guidelines for Multinational Enterprises. Microsoft’s Global Human Rights Statement, which applies to Microsoft and all its subsidiaries, outlines our commitment to respecting and promoting the rights of our employees, product users, suppliers, and others who are impacted by our technology. Microsoft develops, implements, and enforces measures to prohibit and remedy labor exploitation, including human trafficking, forced and involuntary labor, prison labor, and child labor, consistent with the standards and conventions of international law. We require our suppliers to treat their employees fairly, to provide fair compensation and to protect the health and safety of workers. Microsoft will continue our mission to uphold human rights including exploring how we can apply technology to advance human rights through efforts like increasing connectivity to technology and increasing transparency throughout our supply chains. We will continue to be transparent in our work and report on our progress. Microsoft’s Approach: Structure, Business and Supply Chains About Microsoft Microsoft is a publicly traded (NASDAQ: MSFT) technology company whose mission is to empower every person and every organization on the planet to achieve more. We strive to create growth and positive impact worldwide. Founded in 1975, Microsoft develops and supports software, services, devices, and solutions that deliver new value for customers and help people and businesses realize their full potential. We offer an array of services, including cloud-based solutions that provide customers with software, services, platforms, and content, and we provide solution support and consulting services. We also deliver relevant online advertising to a global audience. Our products include operating systems, cross-device productivity applications, server applications, business solution applications, desktop and server management tools, software development tools, and video games. We also design, manufacture, and sell devices, including personal computers, tablets, gaming and entertainment consoles, other intelligent devices, and related accessories. As we continue to evolve, we are leading in the new era of AI and cloud computing, creating AI powered platforms and tools that deliver better, faster, and more effective solutions to support small 3 and large business competitiveness, improve educational and health outcomes, grow public-sector efficiency, and empower human ingenuity. As outlined in our 2022 Impact Summary Report, Microsoft’s commitment and responsibility extends beyond the development of products and technology. Microsoft succeeds when we help the world around us succeed. That is why we are steadfast in our commitments to advance inclusive economic growth, protect fundamental rights, create a sustainable future, and earn trust. Our global supply chains Extended supply Extended supply Directly contracted chain: raw material chain: component supply base: Microsoft products extraction and production or product assembly and services processing services or services As a global technology company, our supply chains have multiple tiers of suppliers. In FY23, we sourced goods and services from over 20,000 directly contracted suppliers in 107 countries, and across 92 commodity types such as electronics, construction, event and marketing services. Our supply chains are formed by layered networks of directly contracted suppliers and the extended supply chain (indirect or sub-tier) which is comprised of suppliers that service our direct suppliers. Upholding our commitments to human rights and decent working conditions requires a combination of centralized and business-unit specific functions. These business units are at various stages of implementation based on the specific business lines and scope within Microsoft’s supply chain. Each of the Reporting Entities sells products and services that have components supplied under the management of different supply chain teams, as is further described below. We strive to make positive impact throughout this network through our policies and practices. Microsoft’s supply chain teams Microsoft manages relationships with its supply chains through the following teams (collectively referred to as Supply Chain Teams), which make goods and services that may be sold by the Reporting Entities: Procurement: Maintains relationships with suppliers providing goods and services to Microsoft business units and corporate operations, including suppliers that operate Microsoft’s owned buildings and transportation fleet. Devices: Maintains relationships with suppliers manufacturing our devices, related packaging materials, or components. Cloud Hardware: Maintains relationships with suppliers manufacturing hardware components and equipment that go into our data center servers supporting Microsoft’s global cloud infrastructure. 4 Cloud Operations and Innovation (CO+I): Maintains relationships with suppliers supporting our datacenter land acquisitions, construction, and operations. LinkedIn: Maintains relationships with suppliers supporting LinkedIn goods and services sold by Reporting Entities. GitHub: Maintains relationships with suppliers supporting GitHub services sold by Reporting Entities. In FY23, GitHub supplier management was integrated into Procurement and is now covered by Procurement. Risk Management Oversight and Management Responsibility As part of Microsoft’s ongoing commitment to safeguarding respect for the environment and human rights in its supply chain, Microsoft established the Supply Chain Integrity (SCI) Team. SCI exists within the Corporate, External, and Legal Affairs (CELA) Technology for Fundamental Rights (TFR) organization. It is responsible for the company’s overarching strategy on supply chain due diligence standards covering environment, health and safety, human rights, and ethics, as well as supplier risk management in our global supply chains. SCI works across Microsoft’s global operations and supply chains, including the supply chains of the products and services sold through our Reporting Entities, to identify and mitigate supply chain risks. The team partners across Microsoft to manage compliance with global laws and regulations, as well as expectations from customers, investors, nongovernmental organizations (NGOs), and other stakeholders. SCI standardizes due diligence and reporting practices for Supply Chain Teams, reviews implementation of these requirements, monitors progress, and shares best practices. In addition, SCI works with external organizations, as detailed in the Microsoft External Engagements section below. Open engagement expands our impact and provides an opportunity to learn from our peers and stakeholders. Through cross-company and cross-industry collaborations, we identify and mitigate risks, including modern slavery risks. Continuous improvement results in real impacts realized by the individuals and communities tied to our global supply chains. The Environmental, Social, and Public Policy (ESPP) Committee of the Board oversees our environmental sustainability and corporate social responsibility work, and partners with management to review our supply chain integrity policies, programs, and performance. SCI, Supply Chain Teams, and other compliance teams within CELA provide regular updates to their senior leadership for visibility and oversight; all engage in cross-team reporting and collaboration to identify ways to advance Microsoft’s compliance and commitments. These Microsoft corporate teams include: Legal experts; Investor Relations; Human Rights; Trade; Customs; Environmental Sustainability; Corporate Communications and Public Relations; Enterprise Risk Management; Digital Infrastructure; and Internal Audit. 5 Fundamental Rights Policies Supporting economic growth, protecting fundamental rights, creating a sustainable future, and earning trust are key to Microsoft’s long-term mission. We work to implement these commitments throughout our operations, supply chains, and broader society. We are committed to respecting and taking steps to ensure our suppliers respect internationally recognized human rights, including those relevant to the elimination of modern slavery, in the following key international instruments: Universal Declaration of Human Rights International Covenant on Civil and Political Rights International Covenant on Economic, Social and Cultural Rights International Labor Organization’s Declaration on Fundamental Principles and Rights at Work, including the core labor conventions Convention on the Elimination of All Forms of Discrimination against Women Convention on the Rights of the Child Convention on the Rights of Persons with Disabilities International Convention on the Elimination of All Forms of Racial Discrimination International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families Geneva Conventions and their Additional Protocols Rome Statute of the International Criminal Court United Nations Declaration on the Rights of Indigenous Peoples United Nations Declaration on Human Rights Defenders We are members, signatories, or supporters of the following frameworks and multi-stakeholder initiatives: Child Rights and Business Principles United Nations Global Compact Tackling Discrimination against Lesbian, Gay, Bi, Trans, & Intersex People Women’s Empowerment Principles Global Network Initiative Global Supply Chain Human Supplier Codes of Human Rights Statement Rights Policy Statement Conduct Our expectations Our expectations for for suppliers suppliers Our Our commitment commitment to to Our Our approach approach to supply to supply chain are outlined are outlined in in the the Microsoft Microsoft respecting respecting and and promoting chain promoting due due diligence diligence risk risk Supplier Code Supplier Code of of Conduct, Conduct, human human rights, rights, to to ensure ensure that that management and management and mitigation LinkedIn Provider LinkedIn Provider Code Code of of technology technology plays plays aa positive positive mitigation measures. measures. Conduct, and Conduct, and Partner Partner Code Code of of role role across across the the globe. globe. Conduct (Trust Conduct (Trust Code). Code). Learn more here. Learn more here. Learn more here. We have also developed and adopted our own statement on human rights. The Microsoft Global Human Rights Statement describes our approach to advancing human dignity and respecting human rights by: Clearly stating our human rights policies; 6 Explaining how we advance these policies through our business operations and practices; Proactively engaging with stakeholders for feedback to help evolve our approach; and Looking to international principles and norms, such as the UN Guiding Principles on Business and Human Rights, to guide our human rights due diligence. Supply chain integrity in action: Aligning codes with LinkedIn LinkedIn adopted the Microsoft Global Human Rights Statement, which describes our approach to advancing human dignity and respecting human rights. LinkedIn’s adoption of the Statement is an example of how an acquired company can leverage Microsoft’s governance around human rights. We put these commitments into practice by: Actively participating in and leveraging relevant human rights-focused collaborative initiatives, such as the Responsible Business Alliance and the Responsible Minerals Initiative, discussed further in the Microsoft External Engagements section; and Communicating annually on the work we are doing to meet our human rights responsibilities through our reporting and other transparency vehicles. We have created, published, and enacted three Microsoft-specific documents to guide how we, our suppliers, and sub-tier suppliers, operate: the Supply Chain Human Rights Policy Statement, the Supplier Code of Conduct, and the Partner Code of Conduct. Each of these documents is critical to defining and acting on our human rights commitments. 1. Supply Chain Human Rights Policy Statement: The statement outlines how Microsoft operationalizes our overall commitment to human rights and environment, outlined in the Microsoft Global Human Rights Statement, in our corporate, business and subsidiary supply chains through supply chain risk management measures. This policy statement targets Microsoft’s direct and extended supply chain and mandates a risk management system in alignment with the OECD Due Diligence Guidance for Responsible Business Conduct, the steps which are outlined in the graphic below. The policy is communicated to Microsoft employees and contractors responsible for managing supply chain risks, as well as all our directly contracted suppliers. 7 Communication through Risk assessments conducted internal and external periodicallyto identify, weigh, trainings, accountabilityto and prioritize human rights stakeholders and in and environmental risk reporting Embedding fundamental rights strategy Remediation with fundamental rights processes Effectiveness measures policies, risk management addressing issues reviewed annually and oversight and documented by continuously improved responsibility investigations and and best practices shared audits across teams Risk mitigation occurring through supplier lifecycle - onboarding, monitoring, offboarding 2. Supplier Code of Conduct: Supplier expectations are defined in Microsoft’s Supplier Code of Conduct (SCoC) and the Code of Conduct for Doing Business with LinkedIn. Directly contracted suppliers are contractually obligated to meet these requirements. They are also required to cascade Microsoft’s human rights supply chain expectations to their supply chains through their own direct contracts with sub-tier suppliers. Supply chain integrity in action: Going beyond standards defined in our SCoC The following are examples of how we go beyond our SCoC standards to address supplier categories with human rights and environmental impacts. Devices: In addition to implementing company-wide policies and procedures, Devices carries out enhanced due diligence to mitigate risks specific to its organization. Devices hardware and packaging suppliers go beyond the standards defined in the SCoC and also meet the standards set out in the supplementary Supplier Social and Environmental Accountability (SEA) Manual. The Manual includes enhanced expectations for, amongst other areas, freely chosen employment, child labor prohibitions, worker living conditions and wages, human rights, safe working practices, raw materials, and environmental, health, and safety protections. These requirements must be included in suppliers’ contracts with sub-tier suppliers too, to address modern slavery and other risks across Devices’ direct and indirect supply chains. 8 Supply chain integrity in action: Going beyond standards defined in our SCoC (cont’d) Cloud Hardware: The team implements the Advanced Security & Resiliency Architecture (ASRA), an independent supplier assessment that includes standards for supplier resiliency and security. Suppliers are required to communicate ASRA standards and perform assessments to verify sub-tier suppliers, partners, and contractors adhere to requirements. 3. Microsoft Partner Code of Conduct (PCoC): This applies to Microsoft Partners and their employees, agents, and subcontractors (collectively referred to as Partners), which work with us to serve Microsoft customers. As outlined in the PCoC, Partners must provide a safe and healthy work environment that is fully compliant with all employment, health, and safety laws. Partners are also required to abide by local minimum wage and maximum working hour requirements and are prohibited from using forced labor, child labor or labor contracts that impose unreasonable limitations on a worker’s ability to leave a Partner’s employment. The Supply Chain Human Rights Statement, SCoC, and the PCoC are reviewed and updated as our understanding and situations change and demonstrate and advance our dedication to continually improve. Every year, we update Microsoft policies, procedures, and supplier requirements to reflect risk trends, new legal requirements, and stakeholder expectations. At Microsoft, we also recognize that human rights are inherently tied to the health of the environment. Creating a sustainable future is one of our corporate social responsibility pillars, and our work reflects this priority. We continue to make progress towards our carbon negative, water positive, zero waste, and ecosystem protection commitments, as highlighted in our 2022 Microsoft Environmental Sustainability Report. Supply chain integrity in action: Procurement updates We continually strive to stay on the leading edge of supply chain best practices. We hold suppliers to standards that protect human rights, the health and safety of workers, and the environment. These efforts align with our company-wide Corporate Social Responsibility (CSR) commitments to support inclusive economic growth, protect fundamental rights, create a sustainable future, and earn trust. 9 Supply chain integrity in action: Procurement updates (cont’d) In FY23, we advanced these commitments by taking concrete action throughout the supply chain. Update of the Microsoft Supplier Code of Conduct. We’ve strengthened our SCoC by integrating our CSR commitments into our most recent update. This update puts us in compliance with new and existing supply chain transparency laws across the globe. We review our Code of Conduct regularly to identify updates that will minimize harm and expand our positive impact on the people and communities that contribute to making Microsoft products. Supplier attestation requirement. We also implemented an annual supplier attestation to our SCoC. This brings our supply chain processes into compliance with recently passed due diligence transparency laws in Germany and Norway. In July 2023, we extended the attestation requirements to our global supply base. By going beyond country-specific laws, we hold our entire supply chain to the same standards. Stakeholder Consultation The requirements defined in the Microsoft and LinkedIn SCoC and our risk management practices are drawn from internationally recognized standards, legal obligations, and industry best practices. Extensive stakeholder and subject matter consultations and reviews, including with vulnerable populations, are conducted in the development of these standards and best practices. Embedding Fundamental Rights Strategy and Risk Assessments Supply chains are critical to Microsoft’s business. These complex networks touch virtually every part of the company, enabling us to create the products, devices, and services for which Microsoft is known. We embed our commitment to fundamental rights in how we manage and monitor our supply chains. This responsibility flows throughout all Microsoft Supply Chain Teams. Corporate guidance, informed by global legal requirements and established Microsoft policy, steers teams in enacting due diligence management systems which include as a key component, various measures designed to assess risk. These apply to both our directly contracted suppliers and our extended supply chains. Directly contracted supply base We conduct an annual company-wide supply chain risk assessment to identify human rights and environmental risk, then prioritize steps to reduce that risk. This assessment covers all direct supplier categories to inform our prioritization of those supplier categories posing the highest risks in our supply chains. To evaluate which categories warrant the most attention, we consider criteria such as country- specific environmental and human rights risk and supplier sectoral risk. 10 Based on the results of the risk assessment, each Supply Chain Team reviews their supplier categories annually, starting with their highest risk categories. They then conduct supplier risk assessments to determine the type and frequency of supplier monitoring needed. All Supply Chain Teams remain vigilant for the risk of modern slavery practices and follow company-wide policies to identify and prevent modern slavery in their operations and supply chains. In line with our risk- based approach to due diligence, our programs to minimize modern slavery practices focus on the Devices and Cloud Hardware supply chains, particularly in high-risk countries where risks to potentially vulnerable workers are higher. This aligns with the United States Department of Labor’s List of Goods Produced with Child Labor or Forced Labor, which has identified electronics manufacturing as a potential area that might pose a threat of child and forced labor. Extended supply chain Microsoft adopts a risk-based approach in assessing our indirect raw materials supply chain – that is, how the materials needed for our products and services get to our suppliers. While Microsoft does not have direct contracts with sub-tier suppliers in the raw materials supply chain, we nevertheless assess our indirect suppliers using a variety of factors to identify the ones that present the highest social, environmental, and business risks. We then survey our directly contracted suppliers to gather additional data on how prioritized high-risk materials are sourced. Event-related risk analysis Sometimes we identify a new risk during the year. This may be triggered by changes in our supply chain profile such as new country operations, new business relationships, new human rights challenges or conflicts, or other event-related risks. To better understand and mitigate new risks, we do not wait for routine assessments, but rather conduct an ad-hoc risk assessment. We addressed several new risks in FY23, including challenges raised by continued impacts of the COVID-19 pandemic, the need for geo- diversification, and the enactment of new laws. Communication of results Through Microsoft’s most recent risk assessment, we prioritized review of the following risks due to the nature of our business and supply chains: forced labor, workplace health and safety risks, excessive overtime, threats to community health and wellbeing (including land use and property rights, particularly for local communities and indigenous peoples), freedom of association, discrimination and harassment, corruption, low wages, and child labor. Corporate risk assessment results are communicated to senior leadership and all Supply Chain Teams. This information is also included in our public Supply Chain Human Rights Policy Statement. In addition, Supply Chain Teams communicate risks specific to particular supply chains to the senior leadership of the respective business team. Risk Mitigation Measures Identification and analysis of risk is the crucial first step in building supply chains that uphold human rights. The logical next question: what do we do with that information? The answer is concrete and actionable mitigation measures. These measures work to mitigate the risk of modern slavery, and other human rights and environmental impacts. 11 Directly contracted supply base Microsoft employs mitigation measures to prevent risk impacts among direct suppliers, including: Evaluating suppliers before contracting: New suppliers are vetted through a pre-qualification process including a risk assessment. We review results against relevant external benchmarks or metrics, such as industry risk indices, while evaluating a potential supplier’s fit for our needs. In some supplier categories, suppliers are required to complete a self-assessment questionnaire and in other high-risk supplier categories, we conduct pre-qualification assessments before engaging. Weighing suppliers’ dedication to human rights and applying appropriate procurement strategies: Supply Chain Teams review the performance of suppliers, including their compliance with environmental and human rights standards in the SCoC. Teams consider this evaluation when deciding whether or not to begin or continue working with suppliers. Embedding human rights compliance into contracts: Suppliers are contractually obligated to abide by Microsoft’s or LinkedIn’s SCoC. Training to support compliance: All suppliers must complete the SCoC training and confirm their understanding of supplier expectations. Adhering to risk management practices: All suppliers are expected to build management systems to mitigate risks to the standards set by Microsoft in the SCoC. If suppliers do not meet expectations, they are required to correct their processes within Microsoft-mandated timelines. Supply chain integrity in action: Vetting and assessments Suppliers are vetted before we engage their services. Additionally, they sign onto the Microsoft or LinkedIn Supplier Code of Conduct and the Supply Chain Human Rights Policy Statement. Still, sometimes suppliers’ performance falls short of these standards, and in those cases, we take corrective action, and may also suspend or terminate suppliers that do not uphold our human rights standards. Here, several examples show how we address supplier issues, including in our Devices and Cloud Hardware electronics supply chains, which pose higher environmental and human rights risks. Devices: The Devices Supply Chain Team regularly engages with and monitors suppliers to prevent forced labor. Specially trained auditors look for indicators of forced labor, applying the factors defined by the International Labor Organization Indicators of Forced Labor. Beyond the issues that are flagged through the Corporate Integrity Hotline, a worker hotline also receives tips of possible violations. If the team finds an indicator of forced labor, they investigate and work with the supplier to correct the issue, including steps to minimize harm to workers, and use our contractual agreements. 12 Supply chain integrity in action: Vetting and assessments (cont’d) Cloud: The Cloud Hardware Supply Chain Team uses the independent supplier assessment ASRA, including its Labor and Human Rights requirements, to evaluate suppliers. This assessment enables the team to focus on high-risk issues such as child labor, working hours, wages and benefits, humane treatment, non-discrimination, freedom of association, and freely chosen employment. They also monitor workplace safety, product safety, hazardous substances management, waste management, sustainability, and corporate social responsibility. LinkedIn: LinkedIn expanded its Supplier Risk and Compliance Program. New risk assessments and due diligence policies cover Supply Chain Integrity, Diversity & Inclusion, and Environmental risks. These assessments support LinkedIn in identifying, evaluating, and managing risks. Further, LinkedIn extended its comprehensive grievance mechanism beyond employees. Now LinkedIn suppliers can also report human rights violations through an established, documented process. The mechanism includes a built-in process to address identified violations. Extended supply chain In addition to addressing issues in our immediate supply chain, we mitigate risks in our extended supply chains – that is, the supply chains that provide our direct suppliers with the goods and services they need to operate. We evaluate risk trends and gather information received from industry bodies, governments, and our suppliers. Microsoft participates in the Responsible Minerals Assurance Process (“RMAP”) through the Responsible Minerals Initiative (“RMI”) to bolster our risk management of raw materials extraction and processing suppliers in the electronics hardware supply chain. A range of industry stakeholders leverage and support RMAP. RMAP verifies that minerals processors (smelters and refiners) employ responsible sourcing practices and management systems, and requires independent, third-party audits to assess, monitor, and validate whether smelters and refiners process conflict minerals (tin, tantalum, tungsten, and gold, also known as 3TGs) from sources that directly or indirectly finance or benefit armed groups in a Conflict Affected and High-Risk Area (CAHRA). The audit protocol is aligned with the OECD Due Diligence Guidance for Responsible Business Conduct. More information about mapping, smelters and refiners, and conflict minerals and cobalt used in Devices supply chains can be found in the Microsoft Devices Smelter and Refiner List and Microsoft’s Conflict Minerals Report. We also work beyond our direct supply chain to promote responsible mining practices in CAHRAs. We partner with multi-stakeholder groups such as the Initiative for Responsible Mining Assurance (IRMA), the Public-Private Alliance for Responsible Minerals Trade (PPA), industry organizations including the RMI, and others. We seek to go beyond the minimum requirements established by the OECD Due Diligence Guidance to assess and reduce sourcing risks and improve working conditions in our raw material supply chains. Finally, we partner with on-the-ground organizations to solve root-cause issues underlying raw materials risks and downstream impacts of mining that affect surrounding communities. Through our leadership within RMI and IRMA, Microsoft is working to influence the future of responsible raw materials 13 sourcing so that minerals are mined to international standards co-created by, co-governed by, and accessible to impacted communities. Supply chain integrity in action: Mitigating forced labor risk in the extended supply chain Mitigation of forced labor risk relies on commitment and collaboration at every point in the supply chain. Since FY19, Devices has extended our social and environmental accountability requirements to sub-tier suppliers given electronics suppliers pose a higher risk for human rights impacts. These requirements include measures on freely chosen employment. To effect downstream compliance with our human rights standards, we require suppliers to establish and follow a robust supplier management system. This enables suppliers to communicate policies, identify and mitigate risks, assess and audit sub-tier suppliers, manage violations, and confirm auditor competency. In some of our highest-risk supply chains, our oversight includes on-site supplier assessments, including of labor agencies used, every year. We also require any non-conformance closure to follow Microsoft standards, as outlined and agreed upon in the signed SCoC. We have built upon this progress in FY23 as described below. Train suppliers. We developed a sub-tier supplier due diligence guidebook. We also offered training to accompany the new guidebook and provided direct support for suppliers to establish a supplier compliance management system. Roughly 520 attendees joined the trainings, increasing supplier capacity to reduce forced labor risk among sub-tier suppliers. Build supplier auditor capability. A compliance management system is one vital piece to mitigating forced labor risk. A robust system also needs competent, trained individuals to implement and manage the risks. To enable this, we delivered three sessions of auditor courses in Chinese and English. Training covered audit skills, labor risk identification, and Environmental, Health and Safety (EHS) risk identification for potential safety and environmental hazards. Over 450 supplier auditors attended the webinar trainings. Monitor suppliers’ performance. We closely track our Tier 1 suppliers’ performance in compliance management and sub-tier supplier management. Monthly reporting and assessments confirm that all Tier 1 suppliers include freely chosen employment factors in their supplier risk assessments and audits. When issues are identified, Tier 1 suppliers require their suppliers to correct the issue within Microsoft established timelines. 14 Remediation Processes When suppliers do not abide by the protections laid out in our Supply Chain Human Rights Policy Statement and Supplier Code of Conduct, we take steps to correct the issues. Directly contracted supply base Supply Chain Teams conduct risk-based monitoring of supplier practices throughout the time we engage with the supplier. Depending on the supplier category, monitoring may include reviewing supplier practices through questionnaires, desk-based assessments, and/or on-site assessments. For our electronics suppliers, on-site assessments are primarily conducted by qualified third parties. If we or a third party identify findings, the relevant Supply Chain Team, in alignment with Microsoft’s corporate guidance and international due diligence principles, assesses whether Microsoft is causing, contributing to, or directly linked to an actual or potential adverse human rights or environmental impact. Given the nature of our relationships with direct suppliers, most non-conformances are cases where Microsoft has a direct contractual relationship with the supplier such that we can work directly to implement corrective action, remediate the problem where possible, or terminate the contractual relationship, where applicable. We have already or are developing systems so all investigations and assessments of non-conformances utilize a process with clear internal responsibility and escalation paths. Steps include: Documenting how investigations and assessments are conducted; Documenting how issues are mitigated and resolved; and Integrating new risk categories identified during investigations and supplier assessments into our annual risk reviews. Supply Chain Teams prioritize the management of non-conformances by considering numerous factors, including the likelihood of the adverse impact (confirmed, likely, possible, speculative), the severity of the adverse impact (critical, serious, major, minor), our ability to bring about change with the supplier, and whether terminating the relationship would cause adverse consequences for workers. Corrective actions include remediation plans, closure timeframes based on severity, and a business process for tracking closure. In the event of a violation of Microsoft policies, and in line with international standards, we work with suppliers to mitigate risks. If a supplier is unable or unwilling to respect rights, a supplier engagement may be restricted, suspended, or terminated, and any related products may be removed from the market. Supply Chain Teams also coordinate with each other to influence shared supplier practices. Assessment findings and closure Microsoft monitors suppliers based on risk they represent in our supply chains, and the Devices and Cloud Hardware electronics supply chains pose a higher risk for environmental and human rights impacts. If supplier issues are found within the Devices supply chain, third-party auditors and Microsoft teams review and verify supplier action plans. Suppliers must provide corrective action and remedy any findings following timelines based on severity. In an instance where a critical finding of forced labor is found, Microsoft senior management is notified within 24 hours with a mandate that suppliers implement and contain the issue within 24 hours. The Devices team then schedules a follow up audit in 7 days to validate 15 that the issue has been resolved. If the supplier cannot resolve the issue within the required timeline, the supplier will be restricted from use. Similarly, for the Cloud Hardware supply chain, Microsoft works closely with suppliers to develop effective remediation plans to mitigate and resolve compliance gaps and track corrective actions through implementation. Assessment findings are classified by severity of issue, which determines the timeframe that suppliers have for remediation. Where a critical finding of forced labor is identified, the supplier is required to generate a remediation plan to correct the finding. The remediation plan is reviewed by the Cloud Hardware assessment team and if the proposal is adequate, the plan is approved and the supplier must implement the corrective action within 10 days, along with providing evidence that the finding is promptly closed. FY23 top instances of findings against our SCoC standards - source data available for download at https://aka.ms/FY23AssessmentFindings Cloud Hardware Devices In FY23, in the category of freely chosen employment, no forced labor was found in the electronics supply chain, the supplier category at highest risk for forced labor. We identified certain findings of risk indicators against Microsoft policies, including: Finding Category Number Resolution (closure action plans in place for those marked “in-progress”) Training bond 1 1 closed Unreasonable restriction on employment 2 2 closed termination Prohibited recruitment fees 10 9 closed, 1 in-progress pending Responsible Business Alliance (RBA) industry assessment Educational loan with required bond 1 1 closed period and repayment No policy or procedure that prohibits 5 2 closed, 3 in-progress forced labor and human trafficking or no plan to monitor the risks 16 Retention of worker identity documents 1 1 in-progress pending RBA industry assessment Restriction of exiting the site during non- 2 2 closed working hours Restriction of access to basic liberties 1 1 closed In cases where our assessment findings determined that a factory employee paid recruitment or employment fees, we require those suppliers to immediately repay employees, based on local law and Microsoft requirements. In FY23, Devices suppliers repaid $44,479 in recruitment fees to 2,147 supplier employees. Extended supply chain Within our raw materials extraction and processing extended supply chains, if any non-conforming smelters or refiners are identified, or those not participating in the RMAP process, we work with our suppliers and industry peers to bring the facility into conformance with RMAP. In cases where the smelters are not willing or able to become conformant, we work with suppliers to remove the facility from our supply chain. Effectiveness Measures Our Supply Chain Teams are expected to review the effectiveness of their risk mitigation processes at least yearly and make any necessary changes to continuously improve. We are building cross-company strategies to assess effectiveness and the maturity of Microsoft’s supply chain programs. For example, SCI developed scorecards to identify progress in supply chain due diligence maturity and coordinates to share best practices across all Supply Chain Teams. Additionally, we track the internal training of employees focusing on supply chain due diligence and the complaints received through our grievance mechanisms. Grievance Mechanisms Corporate Integrity Hotline Available in multiple languages to all employees and external parties to call in, email, fax, mail, or submit a report about potential violations of law and policy Devices Workers' Voice Hotline Allows supplier workers to anonymously report complaints Rules of procedure communicated to suppliers by training, posted on the work floors, distributed via information cards and shared in a language workers can understand. LinkedIn’s Helpline Provides an anonymous helpline for any employee, supplier, or the general public to submit a complaint. Employees are able to file complaints in multiple ways and at any time. 17 We regularly assess our supply chains to identify potential issues. We have also built systems that enable Microsoft employees, partners, supplier workers, and others to safely and anonymously raise concerns. Corporate Integrity Hotline Microsoft has operated a corporate integrity hotline to receive concerns about potential misconduct, including grievances, for over 20 years. The hotline is available to all employees and external parties, including those workers and worker representatives in our supply chains, to report concerns about potential violations of law, Microsoft codes of conduct, and Microsoft policies. The hotline is publicly available online at www.microsoftintegrity.com and in the interest of increasing accessibility, includes information about how to report a compliance concern in multiple languages. Microsoft’s Compliance & Ethics (“C&E”) team oversees the processing of reports received through this hotline. Depending on the nature of the report, C&E triages and processes them in one of four ways: Reports concerning potential violations of law or Microsoft policies are referred to C&E’s Business and Regulatory Investigations team. Requests for guidance on compliance with policies or law are referred to relevant teams within C&E. Reports concerning employee workplace conduct are referred to C&E’s Workplace Investigations team. Reports concerning matters out-of-scope for C&E, such as those that relate to human resources, privacy, or other types of legal matters, are referred to other Microsoft organizations. The hotline allows parties to raise concerns or grievances in multiple ways, including: Calling an international or local toll-free telephone number published on the Integrity Portal; the line is staffed 24 hours a day, seven days a week and is available in several languages; Submitting an online report through the Integrity Portal; and By email, fax, or mail using details on www.microsoftintegrity.com. Microsoft also encourages its employees and external parties to raise concerns with any member of Microsoft management, local or corporate Human Resources, Finance, or CELA. These groups are trained to relay concerns through the reporting channels, including the corporate integrity hotline. All reports are acknowledged and addressed through a Microsoft internal process. This process contains several safeguards to protect reporter confidentiality, including anonymous reporting, limiting persons engaged in grievance reporting to only those with a “need to know,” and protections against information disclosure. Workers’ Voice Hotline In addition to the corporate hotline described above, Devices operates its own grievance mechanism to enhance the reach of our grievance mechanisms to workers at our manufacturing facilities. This provides an additional mechanism to get insights on supplier performance in the electronics supply chain. Devices maintains a Workers’ Voice Hotline and a complaints resolution protocol that is anchored to the UN Guiding Principles on Business and Human Rights, the Worker Engagement Supported by Technology (WEST) Principles, and the RBA Code of Conduct. All grievances coming through the corporate hotline that concern the Devices supply chain are addressed through this procedure. 18 The Workers’ Voice Hotline rules of procedure are communicated to suppliers through training, posters displayed on the work floors, and information cards distributed to workers in a language workers can understand. Supplier workers can make hotline complaints anonymously. Third-party operators are trained to ensure confidentiality by protecting reporters’ identity and any information that could reveal their identity. The third-party organization follows-up on reports to verify the case was resolved, ask about workers’ satisfaction with the results, and check whether any retaliation has occurred because of the complaint. In addition, a worker survey is conducted annually to understand reporters’ feedback on the effectiveness of the program. Microsoft program managers monitor the case handling process to confirm these principles are followed. In FY23, 100% of Microsoft-assessed factories in China and all our Tier 1 factories in non-China areas had access to the Workers’ Voice Hotline, covering 188 hardware final assembly and strategic component manufacturing supplier factories. LinkedIn Helpline Additionally, LinkedIn operates an anonymous Helpline as a separate grievance mechanism for its business. Employees, suppliers and the public can submit a complaint at any time. Employees can also make a report through managers, HR Business Partners, the Global Compliance and Integrity inbox and/or the Employee Relations inbox. LinkedIn's Speak Up policy and other relevant policies are publicly available on its Customer Portal and its Supplier Portal. Managers are expected to encourage employees to raise concerns, act impartially, respond respectfully to concerns, take reports seriously, and make every effort to maintain the confidentiality of the person reporting to ensure that no one is subject to retaliation or reprisal. LinkedIn provides mandatory training to managers to reinforce these norms. Internal and External Training Microsoft expects all directly contracted suppliers to complete the SCoC training and confirm their understanding of supplier expectations. In addition, Supply Chain Teams conduct supplemental training of suppliers. In Devices, the Social and Environmental Accountability (SEA) Academy Program educates suppliers and Microsoft employees to prevent modern slavery and other impacts, and to continuously improve working conditions. In addition, we provide internal trainings to all Microsoft staff who manage supply chain risks. In FY23, the SCI team rolled out training on due diligence expectations and practical ways to implement them. Supply Chain Teams also regularly train and collaborate with other Microsoft teams within Microsoft, including sourcing and procurement, trade, legal, and others. 19 Supply chain integrity in action: Training suppliers In FY23, we updated our Supplier Code of Conduct training, which covers human rights, health and safety, and environmental compliance. The online course reaches at least 100,000 supplier employees every year. We are now working to increase its reach even further: we plan to expand this mandatory training to GitHub and LinkedIn suppliers in 2024. Microsoft External Engagements Modern slavery in its various forms is a global, systemic issue. No one organization or solution alone can address these problems’ complex roots and far-reaching effects. Worldwide, networks of organizations combating modern slavery are making progress. A combination of technology, targeted funding, employee volunteerism, and internationally coordinated efforts are making a difference in individual lives, communities, and society at large. Our work fits into this vital effort. We engage with several multi-stakeholder initiatives to prevent modern slavery and strive to empower other organizations and individuals to lend a hand in this fight. These efforts include: Tech Against Trafficking (TAT): Microsoft is a founding member of TAT, a coalition of technology companies working with civil society organizations to help combat human trafficking and increase survivors’ access to resources. Through the TAT accelerator program, Microsoft partnered with a range of organizations to create advanced research technologies supporting evidence-based decision making and policy. These include new approaches to safely share case data (with UN International Organization for Migration and the Counter-Trafficking Data Collaborative, 2019), detect hidden patterns in time-varying data streams (with Unseen United Kingdom and Seattle Against Slavery, 2021), and use generative AI to detect and report on data insights (with Issara Institute and Polaris, 2023). We have also participated in TAT’s steering committee, provided technology expertise to anti- trafficking NGOs, developed an interactive map of anti-trafficking technology tools, and supported policy engagement with government audiences, including testifying at two United States (US) congressional hearings. Project Trafficking Interruption Resource Agent (TIRA): Project TIRA offers advocates and survivors of human trafficking an accurate and real-time view of the available resources that can meet their unique needs. TIRA leverages Microsoft’s Azure Bot Services with text-based mobile interaction so survivors and allies can easily connect to available services. TIRA also leverages Azure Defender for Cloud to keep sensitive data secure – a significant concern for this vulnerable population. TIRA provides an easy-to-navigate search function to allow advocates to quickly find services for their clients. To date, TIRA has onboarded 110 service provider organizations and 133 service offerings, including services to find shelter, mental health services, childcare services, and job training. Street Grace: Microsoft supports Street Grace and its initiative Transaction Intercept, a platform working to disrupt the trafficking of minors. The software-as-a-service (SAAS) platform enables law enforcement, nonprofits, research groups, and universities to leverage AI-powered chatbots at scale to identify potential buyers, confirm intent to purchase a minor, and communicate back the risks and 20 consequences of the potential buyer’s actions. Microsoft’s support comes through employee skill- based volunteering and grants to use Azure Cognitive Services, CosmosDB, Web Apps, and Azure Functions. Missing Children Society of Canada (MCSC): MCSC, Microsoft, and ESRI are leveraging technology to aid police and families in active searches for missing children across the country. These children are in danger of exposure to high-risk activities including human trafficking and forced labor. The public can use the MCSC web app to access information about missing children in Canada, sign up for SMS text alerts about new cases in their area, and offer tips about existing cases – all to help find missing children faster. Thorn: Thorn and Microsoft have been working together for several years to fight child exploitation and human trafficking. In addition to sharing PhotoDNA technology with Thorn, Microsoft has provided technology and volunteers in support of a project originally called “Child Finder Service”. This project emerged from Microsoft hackathons in 2015 and 2016 and culminated in the donation of Microsoft technology underlying Thorn’s Spotlight product. National Center for Missing and Exploited Children (NCMEC): NCMEC is the US clearinghouse and comprehensive reporting center for the prevention of, and recovery from, child victimization, including abduction, abuse, and exploitation. The public and electronic service providers can use NCMEC’s CyberTipline to report online enticement of children for sexual acts and child exploitation material. Microsoft has donated the Azure service PhotoDNA to the NCMEC and to qualified organizations, including technology companies, developers, and nonprofit organizations, for the purpose of combatting child exploitation. We have also provided PhotoDNA for free to law enforcement, primarily to forensic tool developers. In addition, we are actively involved in the following organizations to develop due diligence standards and increase transparency around human rights and environmental impacts: Responsible Business Alliance (RBA): We actively engage with RBA to understand and influence best practices in responsible sourcing across the manufacturing industry. Responsible Minerals Initiative (RMI): Microsoft supports RMI in its work to improve standards and transparency across global minerals supply chains. Global Battery Alliance (GBA): We support this public-private platform of organizations, founded to help establish a sustainable battery value chain and to leverage technology to increase the traceability of battery materials throughout the supply chain. Initiative for Responsible Mining Assurance (IRMA): We work with IRMA to develop standards for socially and environmentally responsible industrial mining and promote responsible mining practices in CAHRAs. Public-Private Alliance for Responsible Minerals Trade (PPA): We work with PPA, a multi-sector initiative, to support projects in the Democratic Republic of Congo (DRC) and the surrounding Great Lakes Region of Central Africa (GLR), to improve due diligence and governance systems. 21 Microsoft employees engage in skills-based volunteering for initiatives fighting modern slavery and human trafficking. Additionally, we donate technology and expertise to help nonprofits and other organizations create new, innovative solutions to scale impact and help individuals. The global community must tackle this entrenched challenge together, and Microsoft and its employees are committed to acting and making progress to increase transparency and protect fundamental rights. The Path Forward & Ongoing Commitments We recognize our responsibility to respect human rights. We remain committed to supply chain integrity in our corporate and subsidiary operations, and in our global supply chains. Going forward, we commit to the following actions: We will continue to improve and enhance existing governance, risk assessment, and due diligence activities, policies, programs, trainings, and tools across the company to mitigate and prevent the risk of human rights and environmental impacts in our operations and our supply chains. We will build Microsoft’s supplier engagement and compliance on topics related to human rights and environmental issues through supplier forums, webinars, trainings, and resources for internal and external stakeholders. We will deepen our engagement with relevant industry groups and external stakeholders to define and improve industry best practices and build supplier awareness of appropriate remediation actions. We will promote collaboration, information sharing, and benchmarking across Microsoft so that human rights risks are assessed in a consistent manner and to mitigate associated risks in our operations and business supply chains. We will contribute to technical and philanthropic efforts and develop and use technology to address the root causes of human rights and environmental issues. We will evolve our corporate policies and procedures to reflect changes in international human rights law, including a declaration by the United Nations Human Rights Council that access to a clear and healthy environment is a basic human right. We recognize that, given the diversity and complexity of local conditions and laws worldwide and the number of stakeholders involved in modern supply chains, we can always benefit from additional input and perspectives, and invite all readers of this Statement to engage with us to help improve our implementation and performance. For more information on our efforts, please visit www.microsoft.com/csr. 22 Annex 1: Our Reporting Entities Law Covered Subsidiary United Kingdom (UK) Modern Slavery Act Microsoft Limited (Ltd) Microsoft Research Ltd MSFT MCIO Ltd Metaswitch Networks Ltd LinkedIn Technology UK Ltd GitHub Software UK Ltd ZeniMax Europe Limited Australian Modern Slavery Act Microsoft Pty Ltd Microsoft Australia Holdings Pty Ltd Microsoft Datacenter (Australia) Pty Ltd LinkedIn Singapore Pte Ltd (Australia Branch office) Canada Fighting Against Forced Labor and Microsoft Corporation (US) Child Labor in Supply Chains Act Microsoft Retail Store Canada Inc Microsoft Canada Inc 3288212 Nova Scotia Ltd Microsoft Canada Development Center Co. Norway Transparency Act Microsoft Norge AS Microsoft Datacenter Norway AS Microsoft Development Center Norway A Microsoft is submitting this Statement on behalf of these Microsoft subsidiaries because they use the same Microsoft corporate policies and processes and employ the supply chains described in the Corporate and Procurement Structure section above. 23 Annex 2: Mapping of sections to laws Page Norwegian Australian UK Modern Canada Transparency Act Modern Slavery Slavery Act Modern 2022 Act 2018 2015 Slavery Act 2023 Board of Directors 1 approval Microsoft’s approach: 3 structure, business & supply chains Risk management 5 oversight & management responsibility Fundamental rights 6 policies Stakeholder 10 consultation Embedding 10 fundamental rights strategy and Risk Assessments Risk mitigation 11 measures Remediation 15 processes Effectiveness 17 measures Grievance 17 mechanisms Internal and external 19 training Microsoft external 20 engagements The path forward & 22 ongoing commitments Annex 1: Our 23 Reporting Entities 24
